Connecting EVPN-VXLAN Data Centers Through Interconnected EVPN-MPLS WAN Gateways
You can seamlessly connect EVPN-VXLAN (Ethernet VPN Virtual Extensible LAN) data centers through WAN gateway devices that run EVPN-MPLS.
Topology
The following diagram shows two EVPN-VXLAN data centers connected over an EVPN-MPLS WAN using the gateway model. Each gateway is configured with an EVPN MAC-VRF routing instance. Each MAC-VRF instance uses VXLAN encapsulation, and the interconnect within each MAC-VRF instance uses MPLS encapsulation.
EVPN-MPLS WAN
Configuration
user@device> show configuration routing-instances evpn-vxlan
instance-type mac-vrf;
protocols {
    evpn {
        encapsulation vxlan;
        default-gateway no-gateway-community;
        extended-vni-list all;
        interconnect {
            vrf-target target:2:2;
            route-distinguisher 100:110;
            esi {
                00:0a:0b:0c:0d:0a:0b:0c:0d:0a;
                all-active;
            }
            interconnected-vlan-list [ 51 52 ];
            encapsulation mpls;
        }
    }
}
vtep-source-interface lo0.0;
service-type vlan-aware;
interface et-0/0/7.0;
interface et-0/0/9.0;
route-distinguisher 100:11;
vrf-target target:1:1;
vlans {
    bd51 {
        vlan-id 51;
        l3-interface irb.51;
        vxlan {
            vni 501;
        }
    }
    bd52 {
        vlan-id 52;
        l3-interface irb.52;
        vxlan {
            vni 502;
        }
    }
}

user@device> show configuration routing-instances evpn-vxlan
instance-type mac-vrf;
protocols {
    evpn {
        encapsulation vxlan;
        default-gateway no-gateway-community;
        extended-vni-list all;
        interconnect {
            vrf-target target:2:2;
            route-distinguisher 200:210;
            esi {
                00:aa:bb:cc:dd:aa:bb:cc:dd:aa;
                all-active;
            }
            interconnected-vlan-list [ 51 52 ];
            encapsulation mpls;
        }
    }
}
vtep-source-interface lo0.0;
service-type vlan-aware;
interface et-0/0/7.0;
interface et-0/0/9.0;
route-distinguisher 200:21;
vrf-target target:3:3;
vlans {
    bd51 {
        vlan-id 51;
        l3-interface irb.51;
        vxlan {
            vni 501;
        }
    }
    bd52 {
        vlan-id 52;
        l3-interface irb.52;
        vxlan {
            vni 502;
        }
    }
}
For multihomed gateway devices, you must include the following statement at the global level.
set protocols evpn interconnect-multihoming-peer-gateways VTEP-IP-of-each-DCI-GW-peer-in-local-DC
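You cannot configure the above statement within a routing instance.
Also, in Junos OS Release 24.2R1, the interconnect-multihoming-peer-gateways statement was renamed to multihoming-peer-gateways to support identifying multihoming peer devices in multiple use cases. Starting in Junos OS and Junos OS Evolved Release 24.4R1, we restored the statement name interconnect-multihoming-peer-gateways specifically for the interconnect use case. We also implemented different statements for the other feature use cases, and you no longer see the multihoming-peer-gateways statement in the Junos OS CLI.
A detailed description of multihoming is beyond the scope of this document. For more information about multihoming, see EVPN Multihoming Overview.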
Verification
Verify that the routes appear in mpls.0.
user@GW11> show route table mpls.0 protocol evpn | grep "Egress"
102     *[EVPN/7] 00:21:22, routing-instance evpn-vxlan, route-type Egress-MAC, vlan-id 51, ESI 00:aa:bb:cc:dd:aa:bb:cc:dd:aa
103     *[EVPN/7] 00:21:22, remote-pe 10.200.22.22, routing-instance evpn-vxlan, route-type Egress-MAC, vlan-id 51
104     *[EVPN/7] 00:21:22, routing-instance evpn-vxlan, route-type Egress-MAC, vlan-id 52, ESI 00:aa:bb:cc:dd:aa:bb:cc:dd:aa
105     *[EVPN/7] 00:21:22, remote-pe 10.200.22.22, routing-instance evpn-vxlan, route-type Egress-MAC, vlan-id 52
106     *[EVPN/7] 00:21:22, remote-pe 10.200.22.21, routing-instance evpn-vxlan, route-type Egress-MAC, vlan-id 51
107     *[EVPN/7] 00:21:22, remote-pe 10.200.22.21, routing-instance evpn-vxlan, route-type Egress-MAC, vlan-id 52
108     *[EVPN/7] 00:21:22, remote-pe 10.200.22.21, routing-instance evpn-vxlan, route-type Egress-IM, vlan-id 51
109     *[EVPN/7] 00:21:22, remote-pe 10.200.22.21, routing-instance evpn-vxlan, route-type Egress-IM, vlan-id 52
110     *[EVPN/7] 00:21:22, remote-pe 10.200.22.22, routing-instance evpn-vxlan, route-type Egress-IM, vlan-id 51
111     *[EVPN/7] 00:21:22, remote-pe 10.200.22.22, routing-instance evpn-vxlan, route-type Egress-IM, vlan-id 52

{master}[edit]
user@GW11> show route table mpls.0 protocol evpn | grep "Ingress"
99      *[EVPN/7] 00:21:29, routing-instance evpn-vxlan, route-type Ingress-MAC, vlan-id 51
         [EVPN/7] 00:21:29, routing-instance evpn-vxlan, route-type Ingress-Aliasing, vlan-id 51
100     *[EVPN/7] 00:21:29, routing-instance evpn-vxlan, route-type Ingress-MAC, vlan-id 52
         [EVPN/7] 00:21:29, routing-instance evpn-vxlan, route-type Ingress-Aliasing, vlan-id 52
112     *[EVPN/7] 00:21:28, routing-instance evpn-vxlan, route-type Ingress-IM, vlan-id 51
113     *[EVPN/7] 00:21:28, routing-instance evpn-vxlan, route-type Ingress-IM, vlan-id 52
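The route check above can be automated. The following is an added example, not part of the original documentation or any Juniper tooling: it parses saved `show route table mpls.0 protocol evpn` output and reports every interconnected VLAN that lacks one of the route types seen in the sample output. The function names and the assumption that each VLAN in interconnected-vlan-list should carry all four route types are illustrative.

```python
import re

# Assumption: each interconnected VLAN should carry these four route types,
# as the GW11 sample output on this page does.
EXPECTED_TYPES = {"Ingress-MAC", "Ingress-IM", "Egress-MAC", "Egress-IM"}

ROUTE_RE = re.compile(
    r"\[EVPN/\d+\].*?routing-instance (?P<ri>\S+?),"
    r".*?route-type (?P<rtype>[\w-]+), vlan-id (?P<vlan>\d+)"
)
PE_RE = re.compile(r"remote-pe (\S+?),")

def parse_routes(text, instance):
    """Return {vlan: {route_type: set(remote PEs)}} for one routing instance."""
    table = {}
    for line in text.splitlines():
        m = ROUTE_RE.search(line)
        if not m or m["ri"] != instance:
            continue
        pes = table.setdefault(int(m["vlan"]), {}).setdefault(m["rtype"], set())
        pe = PE_RE.search(line)
        if pe:
            pes.add(pe.group(1))
    return table

def missing_routes(text, instance, vlans):
    """List (vlan, route_type) pairs that are expected but absent from mpls.0."""
    table = parse_routes(text, instance)
    return sorted(
        (vlan, rtype)
        for vlan in vlans
        for rtype in EXPECTED_TYPES - set(table.get(vlan, {}))
    )

# Constructed sample: lines in the format of the GW11 output on this page,
# with the Egress-IM routes for VLAN 52 deliberately left out.
SAMPLE = """\
102 *[EVPN/7] 00:21:22, routing-instance evpn-vxlan, route-type Egress-MAC, vlan-id 51, ESI 00:aa:bb:cc:dd:aa:bb:cc:dd:aa
105 *[EVPN/7] 00:21:22, remote-pe 10.200.22.22, routing-instance evpn-vxlan, route-type Egress-MAC, vlan-id 52
108 *[EVPN/7] 00:21:22, remote-pe 10.200.22.21, routing-instance evpn-vxlan, route-type Egress-IM, vlan-id 51
99 *[EVPN/7] 00:21:29, routing-instance evpn-vxlan, route-type Ingress-MAC, vlan-id 51
    [EVPN/7] 00:21:29, routing-instance evpn-vxlan, route-type Ingress-Aliasing, vlan-id 51
100 *[EVPN/7] 00:21:29, routing-instance evpn-vxlan, route-type Ingress-MAC, vlan-id 52
112 *[EVPN/7] 00:21:28, routing-instance evpn-vxlan, route-type Ingress-IM, vlan-id 51
113 *[EVPN/7] 00:21:28, routing-instance evpn-vxlan, route-type Ingress-IM, vlan-id 52
"""

if __name__ == "__main__":
    for vlan, rtype in missing_routes(SAMPLE, "evpn-vxlan", [51, 52]):
        print(f"vlan {vlan}: no {rtype} route in mpls.0")
```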
Verify that the VXLAN VNI is populated in the EVPN database.
user@GW11> show evpn database mac-address 00:00:11:11:51:01 extensive
Instance: evpn-vxlan

VN Identifier: 501, MAC address: 00:00:11:11:51:01
  State: 0x0
  Source: 00:11:12:11:11:11:11:11:11:11, Rank: 1, Status: Active
    Remote origin: 10.11.1.11
    Remote state: <Mac-Only-Adv>
    Remote origin: 10.11.1.12
    Remote state: <Mac-Only-Adv>
    Mobility sequence number: 0 (minimum origin address 10.11.1.11)
    Timestamp: Jun 28 22:51:12.147619 (0x649c6c08)
    State: <Remote-To-Local-Adv-Done>
    MAC advertisement route status: Not created (no local state present)
    Interconn advertisement route status: DCI route created
    IP address: 10.100.51.1
      Remote origin: 10.11.1.11
      Remote state: <Sent-to-l2ald>
      Remote origin: 10.11.1.12
      Remote state: <Sent-to-l2ald>
      Interconn advertisement route status: DCI route created
  History db:
    Time                      Event
    Jun 28 22:51:09.533 2023  00:11:12:11:11:11:11:11:11:11 : Created
    Jun 28 22:51:09.541 2023  00:11:12:11:11:11:11:11:11:11 : Remote peer 10.11.1.12 created
    Jun 28 22:51:09.546 2023  Updating output state (change flags 0x1 <ESI-Added>)
    Jun 28 22:51:09.546 2023  Active ESI changing (not assigned -> 00:11:12:11:11:11:11:11:11:11)
    Jun 28 22:51:09.547 2023  00:11:12:11:11:11:11:11:11:11 : 10.100.51.1 Selected IRB interface nexthop
    Jun 28 22:51:09.547 2023  00:11:12:11:11:11:11:11:11:11 : 10.100.51.1 Reject remote ip host route 10.100.51.1 in L3 context VRF-100 since no remote-ip-host-routes configured
    Jun 28 22:51:09.733 2023  00:11:12:11:11:11:11:11:11:11 : 10.100.51.1 Selected IRB interface nexthop
    Jun 28 22:51:09.733 2023  00:11:12:11:11:11:11:11:11:11 : 10.100.51.1 Reject remote ip host route 10.100.51.1 in L3 context VRF-100 since no remote-ip-host-routes configured
    Jun 28 22:56:46.300 2023  00:11:12:11:11:11:11:11:11:11 : 10.100.51.1 Selected IRB interface nexthop
    Jun 28 22:56:46.300 2023  00:11:12:11:11:11:11:11:11:11 : 10.100.51.1 Reject remote ip host route 10.100.51.1 in L3 context VRF-100 since no remote-ip-host-routes configured
Verify the MAC table entries for the IRB.
user@GW11> show ethernet-switching table 00:00:11:11:51:01

MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static
           SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC,
           B - Blocked MAC)

Ethernet switching table : 33 entries, 33 learned
Routing instance : evpn-vxlan
   Vlan     MAC                 MAC     GBP    Logical      SVLBNH/      Active
   name     address             flags   tag    interface    VENH Index   source
   bd51     00:00:11:11:51:01   DR             esi.11802                 00:11:12:11:11:11:11:11:11:11

user@GW11> show ethernet-switching mac-ip-table 00:00:11:11:51:01

MAC IP flags (S - Static, D - Dynamic, L - Local , R - Remote, Lp - Local Proxy,
              Rp - Remote Proxy, K - Kernel, RT - Dest Route, (N)AD - (Not) Advt to remote,
              RE - Re-ARP/ND, RO - Router, OV - Override, Ur - Unresolved,
              RTS - Dest Route Skipped, RGw - Remote Gateway, GBP - Group Based Policy,
              RTF - Dest Route Forced, SC - Static Config, P - Probe, NLC - No Local Config)

Routing instance : evpn-vxlan
Bridging domain : bd51
   IP             MAC                 Flags      GBP    Logical      Active
   address        address                        Tag    Interface    source
   10.100.51.1    00:00:11:11:51:01   DR,K,RT           esi.11802    00:11:12:11:11:11:11:11:11:11

user@GW11> show route forwarding-table destination 00:00:11:11:51:01 vpn evpn-vxlan
Routing table: evpn-vxlan.vpls
VPLS:
Destination            Type  RtRef  Next hop      Type   Index  NhRef  Netif
00:00:11:11:51:01/48   user      0                indr   11809      1  .local..56
                                                  comp   11802      1
                                                  comp   11795      1  vtep.32773
                                                  indr    6323      1
                                                  sftw   19002      1  et-0/0/1.0
                                    10.11.11.1    ucst    1014      1  et-0/0/1.0
                                                  comp   11796      1  vtep.32775
                                                  indr    6324      1
                                                  sftw   19004      1  et-0/0/3.0
                                    10.12.11.1    ucst    1001      1  et-0/0/3.0

user@GW11> show arp no-resolve | grep 10.100.51.1
00:00:11:11:51:12 10.100.51.12 irb.51[ et-0/0/9.0 ] permanent remote